More lines, more chances more fun!!

DTD EUROPEAN SERVICES LIMITEDPRIVACY NOTICE

ABOUT THIS NOTICE

DTD European
Services Limited is committed to protecting the privacy and security of your
personal information. This privacy notice describes how we collect and use
personal information about you in accordance with data protection law in
relation to our e-luk and Eurochance 100 products. Please read it carefully.

Data protection law says that the personal information we hold about you must be:

Used lawfully, fairly and in a transparent way.

Collected only for valid purposes that we have
clearly explained to you and not used in any way that is incompatible with
those purposes.

Relevant to the purposes we have told you about
and limited only to those purposes.

Accurate and kept up to date.

Kept only as long as necessary for the purposes
we have told you about.

Kept securely

If you have any questions about this notice or how we collect and use personal information
about you please contact us using the details below.

INFORMATION ABOUT US

We are DTD European Services Limited. Our registered office is at First Floor Roxburghe House,
273-287 Regent Street, London, W1B 2HA and our registered company number is 06004362.

If you have any questions, our contact details are:

First Floor Roxburghe House 273-287 Regent Street, London, W1B 2HA

+44 (0) 8000 355 590

info@e-luk.co.uk

Our parent company DTD Dienstleistungsgesellschaft mbH has appointed a Data Protection Officer, Roland
Mons, who is responsible for data compliance issues across the group. His contact details are below:

+49 (0) 621 - 911 090 80

r.mons@mds-consulting.de

CONTRACT INFORMATION AND OTHER CORRESPONDENCE

When you enter into a contract with us (or someone does so on your behalf) there will be personal
information about you relating to that contract such as your name, contact details, contract details,
delivery details, and correspondence with us about the contract.

We need certain information to carry out our contract with you and you must provide this in order to
enter into a contract with us (or as required under that contract), if you do not, we may not be able to
carry out our contract with you. Mandatory information fields are generally set out when you are entering
into the contract, but in particular, you must provide the following information:

Your name and contact details.

Your payment details.

Other correspondence or interaction (for example by email, telephone, post, SMS or via our website)
between you and us, will include personal information (such as names and contact details) in that
correspondence. This may include enquiries, reviews, follow-up comments or complaints lodged by or against
you and disputes with you or your organisation.

Call information. We may also collect details of phone numbers used to call our organisation or our
call centre and the date, time and duration of any calls. Please note that if we record your calls to or
from us, we will inform you of this.

We will keep and use that information to carry out our contract with you (if applicable), to comply with any
legal requirements for us to maintain certain records or carry out certain verifications, and/or for our
legitimate interests in dealing with a complaint or enquiry and administering your (or your organisation's)
account or order and any services we offer, as well as to review and improve our offerings, including
troubleshooting, data analysis, testing, research, statistical and survey purposes.

Where your information relates to a contract, it is kept for a period of up to 10 years after your
account is closed to enable us to deal with any after sales enquiries or claims and as required for tax
purposes.

Payment information is collected by our direct debit or payment card processing provider and is
retained for a period of up to 3 months after your account is closed to enable us to deal with any after
sales enquiries.

Website information

We may collect information about you and your use of our website via technical means such as webpage
counters and other analytics tools. We use this as necessary for our legitimate interests in administering
our website and to ensure it operates effectively and securely.

Our website may, from time to time, contain links to third party websites, plug-ins and applications.
Clicking on those links or enabling those connections may allow third parties to collect or share
data about you. We do not control these third party websites and are not responsible for their privacy
statements. When you leave our website, we encourage you to read the privacy notice of every website you
visit.

Employee Information

If you work for one of our customers, suppliers or business partners, the information we collect about you
may include your contact information, details of your employment and our relationship with you. This
information may be collected directly from you, or provided by your organisation. Your organisation
should have informed you that your information would be provided to us, and directed you to this policy.
We use this as necessary for our legitimate interests in managing our relationship with your organisation.
If we have a business relationship with you or your organisation, we may receive information about you from
your organisation.

We keep this information for up to ten years after the end of our relationship with your organisation.

Legal Claims

Where we consider there to be a risk that we may need to defend or bring legal claims, we may retain your
personal information as necessary for our legitimate interests in ensuring that we can properly bring or
defend legal claims. We may also need to share this information with our insurers or legal advisers. How
long we keep this information for will depend on the nature of the claim and how long we consider there to
be a risk that we will need to defend or bring a claim.

Information we receive from third parties

We may also receive information about you from the following sources:

Our service providers. We work closely with third parties (including, for example, business
partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics
providers, search information providers and credit reference agencies) who may provide us with
information about you, to be used as set out above.

Businesses we have bought. If we have acquired another business, or substantially all of its
assets, which originally held your information, we will hold and use the information you provided to
them, or which they otherwise held about you, in accordance with this privacy notice.

Publicly available sources. We obtain information from the following publicly available
sources: Companies House, LinkedIn, official web site, Facebook

WHY ELSE DO WE USE YOUR INFORMATION?

Common uses of your information. We will only use your personal information when the law allows us to
do so. Although in limited circumstances we may use your information because you have specifically consented
to it, we generally use your information in the ways set out in this notice because:

We need to perform a contract we have entered into with you.

We need to comply with a legal obligation.

It is necessary for our legitimate interests (or those of a third party) and your interests and rights
do not override those interests.

We need to protect your interests (or someone else's interests) or where it is needed in the public
interest (although these circumstances are likely to be rare).

Change of purpose.We will only use your personal information for the purposes for which we collected
it as set out in this notice, unless we reasonably consider that we need to use it for another reason and
that reason is compatible with the original purpose. If we need to use your personal information for an
unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

SHARING YOUR INFORMATION

As well as any sharing listed above, we may also share your information with third parties, including
third-party service providers and other entities in our group. Third parties are required to respect the
security of your personal information and to treat it in accordance with the law. We never sell your data to
third parties.

Why might we share your personal information with third parties?

We may share your personal information with third parties if we are under a duty to disclose or share your
personal information in order to comply with any legal obligation, or in order to enforce or apply our
agreements with you, or to protect the rights, property, or safety of us, our customers, or others or where
we have another legitimate interest in doing so. This may include exchanging information with other
companies and organisations for the purposes of fraud protection and credit risk reduction.

We also may need to share your personal information for third-party service providers (including contractors
and designated agents) so that they can carry out their services.

The following activities are carried out by third-party service providers: call centre services, legal
advice, contract administration, administration, IT services, direct debit collection and payment
processing

When might we share your personal information with other entities in the group?

We may share your personal information with other entities in our group as part of our regular reporting
activities on company performance, in the context of a business reorganisation or group restructuring
exercise, and for system maintenance support and hosting of data.

How secure is your information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take
appropriate security measures to protect your personal information. Where third parties process your
personal information on our behalf as "data processors" they must do so only on our instructions and where
they have agreed to treat the information confidentially and to keep it secure.

What about other third parties?

We may share your personal information with other third parties, for example in the context of the possible
sale or restructuring of the business where necessary in connection with the purposes which your information
was collected for. We may also need to share your personal information with a regulator or to otherwise
comply with the law.

WHERE WE STORE YOUR INFORMATION

Our office headquarters are based in Speyer, Germany and our main data centre is located in Darmstadt,
Germany, However, where required to perform our contract with you or for our wider business purposes, the
information that we hold about you may be transferred to, and stored at, a destination outside the UK and
the EU. It may also be processed by staff operating outside the UK and EU who work for us or for one of our
service providers.

We will take all steps reasonably necessary to ensure that your personal information is treated securely and
in accordance with this privacy notice.

If we transfer data to countries or organisations outside of the UK and the EU which the EU does not
consider to have an adequate data protection regime in place, we will ensure that appropriate safeguards
(for example, model clauses approved by the EU or a data protection authority) are put in place where
required. To obtain more details of these safeguards, please contact us.

DATA SECURITY

As well as the measures set out above in relation to sharing of your information, we have put in place
appropriate internal security measures to prevent your personal information from being accidentally lost,
used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal
information to those employees, agents, contractors and other third parties who have a business need to
know. They will only process your personal information on our instructions and they are subject to a duty of
confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any
applicable regulator of a suspected breach where necessary.

HOW LONG WILL WE KEEP YOUR INFORMATION FOR?

We have set out above indications of how long we generally keep your information. In some circumstances, it
may be necessary to keep your information for longer than that in order to fulfil the purposes we collected
it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and
sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of
your personal information, the purposes for which we process your personal information and whether we can
achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with
you, in which case we may use such information without further notice to you.

YOUR RIGHTS

Data protection law gives you a number of rights when it comes to personal information we hold about you.
The key rights are set out below. More information about your rights can be obtained from the Information
Commissioner's Office (ICO). Under certain circumstances, by law you have the right to:

Be informed in a clear, transparent and easily understandable way about how we use your personal
information and about your rights. This is why we are providing you with the information in this notice.
If you require any further information about how we use your personal information, please let us
know.

Request accessto your personal information (commonly known as a "data subject access request").
This enables you to receive a copy of the personal information we hold about you and to check that we
are lawfully processing it.

Request correction of the personal information that we hold about you. This enables you to have
any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to delete or remove
personal information where there is no good reason for us continuing to process it (for instance, we may
need to continue using your personal data to comply with our legal obligations). You also have the right
to ask us to delete or remove your personal information where you have exercised your right to object
to processing (see below).

Object to processing of your personal information where we are relying on a legitimate interest
(or those of a third party) and there is something about your particular situation which makes you want
to object to us using your information on this basis and we do not have a compelling legitimate basis
for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend
a legal claim).

Request the restriction of processing of your personal information. This enables you to ask us to
suspend the processing of personal information about you, for example if you want us to establish its
accuracy or the reason for processing it.

Request the transfer of your personal information to another party where you provided it to us
and we are using it based on your consent, or to carry out a contract with you, and we process it using
automated means.

Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed
to the other bases set out above) to the collection, processing and transfer of your personal
information for a specific purpose, you have the right to withdraw your consent for that specific
processing at any time. Once we have received notification that you have withdrawn your consent, we will
no longer process your information for the purpose or purposes you originally agreed to, unless we have
another legitimate interest in doing so.

Lodge a complaint. If you think that we are using your information in a way which breaches data
protection law, you have the right to lodge a complaint with your national data protection supervisory
authority (if you are in the UK, this will be the ICO).

If you want to review, verify, correct or request erasure of your personal
information, object to the processing of your personal information, withdraw your consent to the processing
of your personal information or request that we transfer a copy of your personal information to another
party, please contact us using the details set out at
http://www.e-luk.net/contact.html

No fee usually required. You will not have to pay a fee to access your personal information
(or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access
is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such
circumstances.

What we may need from you. We may need to request specific information from you to help us
understand the nature of your request, to confirm your identity and ensure your right to access the
information (or to exercise any of your other rights). This is another appropriate security measure to
ensure that personal information is not disclosed to any person who has no right to receive it.

Timescale. Please consider your request responsibly before submitting it. We will respond to your
request as soon as we can. Generally, this will be within one month from when we receive your request but,
if the request is going to take longer to deal with, we will let you know.

CHANGES TO THIS PRIVACY NOTICE

Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate,
notified to you by e-mail or otherwise. Please check back frequently to see any updates or changes to our
privacy notice.